//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension Shield {
    // MARK: Enums

    public enum ApplicationLayerAutomaticResponseStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum AttackLayer: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case application = "APPLICATION"
        case network = "NETWORK"
        public var description: String { return self.rawValue }
    }

    public enum AttackPropertyIdentifier: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case destinationUrl = "DESTINATION_URL"
        case referrer = "REFERRER"
        case sourceAsn = "SOURCE_ASN"
        case sourceCountry = "SOURCE_COUNTRY"
        case sourceIpAddress = "SOURCE_IP_ADDRESS"
        case sourceUserAgent = "SOURCE_USER_AGENT"
        case wordpressPingbackReflector = "WORDPRESS_PINGBACK_REFLECTOR"
        case wordpressPingbackSource = "WORDPRESS_PINGBACK_SOURCE"
        public var description: String { return self.rawValue }
    }

    public enum AutoRenew: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum ProactiveEngagementStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        case pending = "PENDING"
        public var description: String { return self.rawValue }
    }

    public enum ProtectedResourceType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case applicationLoadBalancer = "APPLICATION_LOAD_BALANCER"
        case classicLoadBalancer = "CLASSIC_LOAD_BALANCER"
        case cloudfrontDistribution = "CLOUDFRONT_DISTRIBUTION"
        case elasticIpAllocation = "ELASTIC_IP_ALLOCATION"
        case globalAccelerator = "GLOBAL_ACCELERATOR"
        case route53HostedZone = "ROUTE_53_HOSTED_ZONE"
        public var description: String { return self.rawValue }
    }

    public enum ProtectionGroupAggregation: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case max = "MAX"
        case mean = "MEAN"
        case sum = "SUM"
        public var description: String { return self.rawValue }
    }

    public enum ProtectionGroupPattern: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "ALL"
        case arbitrary = "ARBITRARY"
        case byResourceType = "BY_RESOURCE_TYPE"
        public var description: String { return self.rawValue }
    }

    public enum SubResourceType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case ip = "IP"
        case url = "URL"
        public var description: String { return self.rawValue }
    }

    public enum SubscriptionState: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case inactive = "INACTIVE"
        public var description: String { return self.rawValue }
    }

    public enum Unit: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case bits = "BITS"
        case bytes = "BYTES"
        case packets = "PACKETS"
        case requests = "REQUESTS"
        public var description: String { return self.rawValue }
    }

    public enum ValidationExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case fieldValidationFailed = "FIELD_VALIDATION_FAILED"
        case other = "OTHER"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct ApplicationLayerAutomaticResponseConfiguration: AWSDecodableShape {
        /// Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
        public let action: ResponseAction
        /// Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
        public let status: ApplicationLayerAutomaticResponseStatus

        @inlinable
        public init(action: ResponseAction, status: ApplicationLayerAutomaticResponseStatus) {
            self.action = action
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case action = "Action"
            case status = "Status"
        }
    }

    public struct AssociateDRTLogBucketRequest: AWSEncodableShape {
        /// The Amazon S3 bucket that contains the logs that you want to share.
        public let logBucket: String

        @inlinable
        public init(logBucket: String) {
            self.logBucket = logBucket
        }

        public func validate(name: String) throws {
            try self.validate(self.logBucket, name: "logBucket", parent: name, max: 63)
            try self.validate(self.logBucket, name: "logBucket", parent: name, min: 3)
            try self.validate(self.logBucket, name: "logBucket", parent: name, pattern: "^([a-z]|(\\d(?!\\d{0,2}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})))([a-z\\d]|(\\.(?!(\\.|-)))|(-(?!\\.))){1,61}[a-z\\d]$")
        }

        private enum CodingKeys: String, CodingKey {
            case logBucket = "LogBucket"
        }
    }

    public struct AssociateDRTLogBucketResponse: AWSDecodableShape {
        public init() {}
    }

    public struct AssociateDRTRoleRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the role the SRT will use to access your Amazon Web Services account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.  For more information see Attaching and Detaching IAM Policies.
        public let roleArn: String

        @inlinable
        public init(roleArn: String) {
            self.roleArn = roleArn
        }

        public func validate(name: String) throws {
            try self.validate(self.roleArn, name: "roleArn", parent: name, max: 2048)
            try self.validate(self.roleArn, name: "roleArn", parent: name, min: 1)
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:aws:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleArn = "RoleArn"
        }
    }

    public struct AssociateDRTRoleResponse: AWSDecodableShape {
        public init() {}
    }

    public struct AssociateHealthCheckRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the health check to associate with the protection.
        public let healthCheckArn: String
        /// The unique identifier (ID) for the Protection object to add the health check association to.
        public let protectionId: String

        @inlinable
        public init(healthCheckArn: String, protectionId: String) {
            self.healthCheckArn = healthCheckArn
            self.protectionId = protectionId
        }

        public func validate(name: String) throws {
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, max: 2048)
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, min: 1)
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, pattern: "^arn:aws:route53:::healthcheck/\\S{36}$")
            try self.validate(self.protectionId, name: "protectionId", parent: name, max: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, min: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case healthCheckArn = "HealthCheckArn"
            case protectionId = "ProtectionId"
        }
    }

    public struct AssociateHealthCheckResponse: AWSDecodableShape {
        public init() {}
    }

    public struct AssociateProactiveEngagementDetailsRequest: AWSEncodableShape {
        /// A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you for escalations to the SRT and to initiate proactive customer support.  To enable proactive engagement, the contact list must include at least one phone number.  The contacts that you provide here replace any contacts that were already defined. If you already have contacts defined and want to use them, retrieve the list using DescribeEmergencyContactSettings and then provide it here.
        public let emergencyContactList: [EmergencyContact]

        @inlinable
        public init(emergencyContactList: [EmergencyContact]) {
            self.emergencyContactList = emergencyContactList
        }

        public func validate(name: String) throws {
            try self.emergencyContactList.forEach {
                try $0.validate(name: "\(name).emergencyContactList[]")
            }
            try self.validate(self.emergencyContactList, name: "emergencyContactList", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case emergencyContactList = "EmergencyContactList"
        }
    }

    public struct AssociateProactiveEngagementDetailsResponse: AWSDecodableShape {
        public init() {}
    }

    public struct AttackDetail: AWSDecodableShape {
        /// List of counters that describe the attack for the specified time period.
        public let attackCounters: [SummarizedCounter]?
        /// The unique identifier (ID) of the attack.
        public let attackId: String?
        /// The array of objects that provide details of the Shield event.  For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see Shield metrics and alarms in the WAF Developer Guide.
        public let attackProperties: [AttackProperty]?
        /// The time the attack ended, in Unix time in seconds.
        public let endTime: Date?
        /// List of mitigation actions taken for the attack.
        public let mitigations: [Mitigation]?
        /// The ARN (Amazon Resource Name) of the resource that was attacked.
        public let resourceArn: String?
        /// The time the attack started, in Unix time in seconds.
        public let startTime: Date?
        /// If applicable, additional detail about the resource being attacked, for example, IP address or URL.
        public let subResources: [SubResourceSummary]?

        @inlinable
        public init(attackCounters: [SummarizedCounter]? = nil, attackId: String? = nil, attackProperties: [AttackProperty]? = nil, endTime: Date? = nil, mitigations: [Mitigation]? = nil, resourceArn: String? = nil, startTime: Date? = nil, subResources: [SubResourceSummary]? = nil) {
            self.attackCounters = attackCounters
            self.attackId = attackId
            self.attackProperties = attackProperties
            self.endTime = endTime
            self.mitigations = mitigations
            self.resourceArn = resourceArn
            self.startTime = startTime
            self.subResources = subResources
        }

        private enum CodingKeys: String, CodingKey {
            case attackCounters = "AttackCounters"
            case attackId = "AttackId"
            case attackProperties = "AttackProperties"
            case endTime = "EndTime"
            case mitigations = "Mitigations"
            case resourceArn = "ResourceArn"
            case startTime = "StartTime"
            case subResources = "SubResources"
        }
    }

    public struct AttackProperty: AWSDecodableShape {
        /// The type of Shield event that was observed. NETWORK indicates layer 3 and layer 4 events and APPLICATION indicates layer 7 events. For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see Shield metrics and alarms in the WAF Developer Guide.
        public let attackLayer: AttackLayer?
        /// Defines the Shield event property information that is provided. The WORDPRESS_PINGBACK_REFLECTOR and WORDPRESS_PINGBACK_SOURCE values are valid only for WordPress reflective pingback events.
        public let attackPropertyIdentifier: AttackPropertyIdentifier?
        /// Contributor objects for the top five contributors to a Shield event. A contributor is a source of traffic that Shield Advanced identifies as responsible for some or all of an event.
        public let topContributors: [Contributor]?
        /// The total contributions made to this Shield event by all contributors.
        public let total: Int64?
        /// The unit used for the Contributor Value property.
        public let unit: Unit?

        @inlinable
        public init(attackLayer: AttackLayer? = nil, attackPropertyIdentifier: AttackPropertyIdentifier? = nil, topContributors: [Contributor]? = nil, total: Int64? = nil, unit: Unit? = nil) {
            self.attackLayer = attackLayer
            self.attackPropertyIdentifier = attackPropertyIdentifier
            self.topContributors = topContributors
            self.total = total
            self.unit = unit
        }

        private enum CodingKeys: String, CodingKey {
            case attackLayer = "AttackLayer"
            case attackPropertyIdentifier = "AttackPropertyIdentifier"
            case topContributors = "TopContributors"
            case total = "Total"
            case unit = "Unit"
        }
    }

    public struct AttackStatisticsDataItem: AWSDecodableShape {
        /// The number of attacks detected during the time period. This is always present, but might be zero.
        public let attackCount: Int64
        /// Information about the volume of attacks during the time period. If the accompanying AttackCount is zero, this setting might be empty.
        public let attackVolume: AttackVolume?

        @inlinable
        public init(attackCount: Int64, attackVolume: AttackVolume? = nil) {
            self.attackCount = attackCount
            self.attackVolume = attackVolume
        }

        private enum CodingKeys: String, CodingKey {
            case attackCount = "AttackCount"
            case attackVolume = "AttackVolume"
        }
    }

    public struct AttackSummary: AWSDecodableShape {
        /// The unique identifier (ID) of the attack.
        public let attackId: String?
        /// The list of attacks for a specified time period.
        public let attackVectors: [AttackVectorDescription]?
        /// The end time of the attack, in Unix time in seconds.
        public let endTime: Date?
        /// The ARN (Amazon Resource Name) of the resource that was attacked.
        public let resourceArn: String?
        /// The start time of the attack, in Unix time in seconds.
        public let startTime: Date?

        @inlinable
        public init(attackId: String? = nil, attackVectors: [AttackVectorDescription]? = nil, endTime: Date? = nil, resourceArn: String? = nil, startTime: Date? = nil) {
            self.attackId = attackId
            self.attackVectors = attackVectors
            self.endTime = endTime
            self.resourceArn = resourceArn
            self.startTime = startTime
        }

        private enum CodingKeys: String, CodingKey {
            case attackId = "AttackId"
            case attackVectors = "AttackVectors"
            case endTime = "EndTime"
            case resourceArn = "ResourceArn"
            case startTime = "StartTime"
        }
    }

    public struct AttackVectorDescription: AWSDecodableShape {
        /// The attack type. Valid values:   UDP_TRAFFIC   UDP_FRAGMENT   GENERIC_UDP_REFLECTION   DNS_REFLECTION   NTP_REFLECTION   CHARGEN_REFLECTION   SSDP_REFLECTION   PORT_MAPPER   RIP_REFLECTION   SNMP_REFLECTION   MSSQL_REFLECTION   NET_BIOS_REFLECTION   SYN_FLOOD   ACK_FLOOD   REQUEST_FLOOD   HTTP_REFLECTION   UDS_REFLECTION   MEMCACHED_REFLECTION
        public let vectorType: String

        @inlinable
        public init(vectorType: String) {
            self.vectorType = vectorType
        }

        private enum CodingKeys: String, CodingKey {
            case vectorType = "VectorType"
        }
    }

    public struct AttackVolume: AWSDecodableShape {
        /// A statistics object that uses bits per second as the unit. This is included for network level attacks.
        public let bitsPerSecond: AttackVolumeStatistics?
        /// A statistics object that uses packets per second as the unit. This is included for network level attacks.
        public let packetsPerSecond: AttackVolumeStatistics?
        /// A statistics object that uses requests per second as the unit. This is included for application level attacks, and is only available for accounts that are subscribed to Shield Advanced.
        public let requestsPerSecond: AttackVolumeStatistics?

        @inlinable
        public init(bitsPerSecond: AttackVolumeStatistics? = nil, packetsPerSecond: AttackVolumeStatistics? = nil, requestsPerSecond: AttackVolumeStatistics? = nil) {
            self.bitsPerSecond = bitsPerSecond
            self.packetsPerSecond = packetsPerSecond
            self.requestsPerSecond = requestsPerSecond
        }

        private enum CodingKeys: String, CodingKey {
            case bitsPerSecond = "BitsPerSecond"
            case packetsPerSecond = "PacketsPerSecond"
            case requestsPerSecond = "RequestsPerSecond"
        }
    }

    public struct AttackVolumeStatistics: AWSDecodableShape {
        /// The maximum attack volume observed for the given unit.
        public let max: Double

        @inlinable
        public init(max: Double) {
            self.max = max
        }

        private enum CodingKeys: String, CodingKey {
            case max = "Max"
        }
    }

    public struct BlockAction: AWSEncodableShape & AWSDecodableShape {
        public init() {}
    }

    public struct Contributor: AWSDecodableShape {
        /// The name of the contributor. The type of name that you'll find here depends on the AttackPropertyIdentifier setting in the AttackProperty where this contributor is defined. For example, if the AttackPropertyIdentifier is SOURCE_COUNTRY, the Name could be United States.
        public let name: String?
        /// The contribution of this contributor expressed in Protection units. For example 10,000.
        public let value: Int64?

        @inlinable
        public init(name: String? = nil, value: Int64? = nil) {
            self.name = name
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case name = "Name"
            case value = "Value"
        }
    }

    public struct CountAction: AWSEncodableShape & AWSDecodableShape {
        public init() {}
    }

    public struct CreateProtectionGroupRequest: AWSEncodableShape {
        /// Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.   Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.   Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.   Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront and origin resources for CloudFront distributions.
        public let aggregation: ProtectionGroupAggregation
        /// The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.
        public let members: [String]?
        /// The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type.
        public let pattern: ProtectionGroupPattern
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String
        /// The resource type to include in the protection group. All protected resources of this type are included in the protection group. Newly protected resources of this type are automatically added to the group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.
        public let resourceType: ProtectedResourceType?
        /// One or more tag key-value pairs for the protection group.
        public let tags: [Tag]?

        @inlinable
        public init(aggregation: ProtectionGroupAggregation, members: [String]? = nil, pattern: ProtectionGroupPattern, protectionGroupId: String, resourceType: ProtectedResourceType? = nil, tags: [Tag]? = nil) {
            self.aggregation = aggregation
            self.members = members
            self.pattern = pattern
            self.protectionGroupId = protectionGroupId
            self.resourceType = resourceType
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.members?.forEach {
                try validate($0, name: "members[]", parent: name, max: 2048)
                try validate($0, name: "members[]", parent: name, min: 1)
                try validate($0, name: "members[]", parent: name, pattern: "^arn:aws")
            }
            try self.validate(self.members, name: "members", parent: name, max: 10000)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, max: 36)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, min: 1)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case aggregation = "Aggregation"
            case members = "Members"
            case pattern = "Pattern"
            case protectionGroupId = "ProtectionGroupId"
            case resourceType = "ResourceType"
            case tags = "Tags"
        }
    }

    public struct CreateProtectionGroupResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateProtectionRequest: AWSEncodableShape {
        /// Friendly name for the Protection you are creating.
        public let name: String
        /// The ARN (Amazon Resource Name) of the resource to be protected. The ARN should be in one of the following formats:   For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id     For an Elastic Load Balancer (Classic Load Balancer): arn:aws:elasticloadbalancing:region:account-id:loadbalancer/load-balancer-name     For an Amazon CloudFront distribution: arn:aws:cloudfront::account-id:distribution/distribution-id     For an Global Accelerator standard accelerator: arn:aws:globalaccelerator::account-id:accelerator/accelerator-id     For Amazon Route 53: arn:aws:route53:::hostedzone/hosted-zone-id     For an Elastic IP address: arn:aws:ec2:region:account-id:eip-allocation/allocation-id
        public let resourceArn: String
        /// One or more tag key-value pairs for the Protection object that is created.
        public let tags: [Tag]?

        @inlinable
        public init(name: String, resourceArn: String, tags: [Tag]? = nil) {
            self.name = name
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[ a-zA-Z0-9_\\\\.\\\\-]*$")
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case name = "Name"
            case resourceArn = "ResourceArn"
            case tags = "Tags"
        }
    }

    public struct CreateProtectionResponse: AWSDecodableShape {
        /// The unique identifier (ID) for the Protection object that is created.
        public let protectionId: String?

        @inlinable
        public init(protectionId: String? = nil) {
            self.protectionId = protectionId
        }

        private enum CodingKeys: String, CodingKey {
            case protectionId = "ProtectionId"
        }
    }

    public struct CreateSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct CreateSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteProtectionGroupRequest: AWSEncodableShape {
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String

        @inlinable
        public init(protectionGroupId: String) {
            self.protectionGroupId = protectionGroupId
        }

        public func validate(name: String) throws {
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, max: 36)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, min: 1)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case protectionGroupId = "ProtectionGroupId"
        }
    }

    public struct DeleteProtectionGroupResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteProtectionRequest: AWSEncodableShape {
        /// The unique identifier (ID) for the Protection object to be deleted.
        public let protectionId: String

        @inlinable
        public init(protectionId: String) {
            self.protectionId = protectionId
        }

        public func validate(name: String) throws {
            try self.validate(self.protectionId, name: "protectionId", parent: name, max: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, min: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case protectionId = "ProtectionId"
        }
    }

    public struct DeleteProtectionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DeleteSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DescribeAttackRequest: AWSEncodableShape {
        /// The unique identifier (ID) for the attack.
        public let attackId: String

        @inlinable
        public init(attackId: String) {
            self.attackId = attackId
        }

        public func validate(name: String) throws {
            try self.validate(self.attackId, name: "attackId", parent: name, max: 128)
            try self.validate(self.attackId, name: "attackId", parent: name, min: 1)
            try self.validate(self.attackId, name: "attackId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case attackId = "AttackId"
        }
    }

    public struct DescribeAttackResponse: AWSDecodableShape {
        /// The attack that you requested.
        public let attack: AttackDetail?

        @inlinable
        public init(attack: AttackDetail? = nil) {
            self.attack = attack
        }

        private enum CodingKeys: String, CodingKey {
            case attack = "Attack"
        }
    }

    public struct DescribeAttackStatisticsRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DescribeAttackStatisticsResponse: AWSDecodableShape {
        /// The data that describes the attacks detected during the time period.
        public let dataItems: [AttackStatisticsDataItem]
        /// The time range of the attack.
        public let timeRange: TimeRange

        @inlinable
        public init(dataItems: [AttackStatisticsDataItem], timeRange: TimeRange) {
            self.dataItems = dataItems
            self.timeRange = timeRange
        }

        private enum CodingKeys: String, CodingKey {
            case dataItems = "DataItems"
            case timeRange = "TimeRange"
        }
    }

    public struct DescribeDRTAccessRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DescribeDRTAccessResponse: AWSDecodableShape {
        /// The list of Amazon S3 buckets accessed by the SRT.
        public let logBucketList: [String]?
        /// The Amazon Resource Name (ARN) of the role the SRT used to access your Amazon Web Services account.
        public let roleArn: String?

        @inlinable
        public init(logBucketList: [String]? = nil, roleArn: String? = nil) {
            self.logBucketList = logBucketList
            self.roleArn = roleArn
        }

        private enum CodingKeys: String, CodingKey {
            case logBucketList = "LogBucketList"
            case roleArn = "RoleArn"
        }
    }

    public struct DescribeEmergencyContactSettingsRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DescribeEmergencyContactSettingsResponse: AWSDecodableShape {
        /// A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.
        public let emergencyContactList: [EmergencyContact]?

        @inlinable
        public init(emergencyContactList: [EmergencyContact]? = nil) {
            self.emergencyContactList = emergencyContactList
        }

        private enum CodingKeys: String, CodingKey {
            case emergencyContactList = "EmergencyContactList"
        }
    }

    public struct DescribeProtectionGroupRequest: AWSEncodableShape {
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String

        @inlinable
        public init(protectionGroupId: String) {
            self.protectionGroupId = protectionGroupId
        }

        public func validate(name: String) throws {
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, max: 36)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, min: 1)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case protectionGroupId = "ProtectionGroupId"
        }
    }

    public struct DescribeProtectionGroupResponse: AWSDecodableShape {
        /// A grouping of protected resources that you and Shield Advanced can monitor as a collective. This resource grouping improves the accuracy of detection and reduces false positives.
        public let protectionGroup: ProtectionGroup

        @inlinable
        public init(protectionGroup: ProtectionGroup) {
            self.protectionGroup = protectionGroup
        }

        private enum CodingKeys: String, CodingKey {
            case protectionGroup = "ProtectionGroup"
        }
    }

    public struct DescribeProtectionRequest: AWSEncodableShape {
        /// The unique identifier (ID) for the Protection object to describe.  You must provide either the ResourceArn of the protected resource or the ProtectionID of the protection, but not both.
        public let protectionId: String?
        /// The ARN (Amazon Resource Name) of the protected Amazon Web Services resource.  You must provide either the ResourceArn of the protected resource or the ProtectionID of the protection, but not both.
        public let resourceArn: String?

        @inlinable
        public init(protectionId: String? = nil, resourceArn: String? = nil) {
            self.protectionId = protectionId
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.protectionId, name: "protectionId", parent: name, max: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, min: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws")
        }

        private enum CodingKeys: String, CodingKey {
            case protectionId = "ProtectionId"
            case resourceArn = "ResourceArn"
        }
    }

    public struct DescribeProtectionResponse: AWSDecodableShape {
        /// The Protection that you requested.
        public let protection: Protection?

        @inlinable
        public init(protection: Protection? = nil) {
            self.protection = protection
        }

        private enum CodingKeys: String, CodingKey {
            case protection = "Protection"
        }
    }

    public struct DescribeSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DescribeSubscriptionResponse: AWSDecodableShape {
        /// The Shield Advanced subscription details for an account.
        public let subscription: Subscription?

        @inlinable
        public init(subscription: Subscription? = nil) {
            self.subscription = subscription
        }

        private enum CodingKeys: String, CodingKey {
            case subscription = "Subscription"
        }
    }

    public struct DisableApplicationLayerAutomaticResponseRequest: AWSEncodableShape {
        /// The ARN (Amazon Resource Name) of the protected resource.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct DisableApplicationLayerAutomaticResponseResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisableProactiveEngagementRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisableProactiveEngagementResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateDRTLogBucketRequest: AWSEncodableShape {
        /// The Amazon S3 bucket that contains the logs that you want to share.
        public let logBucket: String

        @inlinable
        public init(logBucket: String) {
            self.logBucket = logBucket
        }

        public func validate(name: String) throws {
            try self.validate(self.logBucket, name: "logBucket", parent: name, max: 63)
            try self.validate(self.logBucket, name: "logBucket", parent: name, min: 3)
            try self.validate(self.logBucket, name: "logBucket", parent: name, pattern: "^([a-z]|(\\d(?!\\d{0,2}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})))([a-z\\d]|(\\.(?!(\\.|-)))|(-(?!\\.))){1,61}[a-z\\d]$")
        }

        private enum CodingKeys: String, CodingKey {
            case logBucket = "LogBucket"
        }
    }

    public struct DisassociateDRTLogBucketResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateDRTRoleRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisassociateDRTRoleResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateHealthCheckRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the health check that is associated with the protection.
        public let healthCheckArn: String
        /// The unique identifier (ID) for the Protection object to remove the health check association from.
        public let protectionId: String

        @inlinable
        public init(healthCheckArn: String, protectionId: String) {
            self.healthCheckArn = healthCheckArn
            self.protectionId = protectionId
        }

        public func validate(name: String) throws {
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, max: 2048)
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, min: 1)
            try self.validate(self.healthCheckArn, name: "healthCheckArn", parent: name, pattern: "^arn:aws:route53:::healthcheck/\\S{36}$")
            try self.validate(self.protectionId, name: "protectionId", parent: name, max: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, min: 36)
            try self.validate(self.protectionId, name: "protectionId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case healthCheckArn = "HealthCheckArn"
            case protectionId = "ProtectionId"
        }
    }

    public struct DisassociateHealthCheckResponse: AWSDecodableShape {
        public init() {}
    }

    public struct EmergencyContact: AWSEncodableShape & AWSDecodableShape {
        /// Additional notes regarding the contact.
        public let contactNotes: String?
        /// The email address for the contact.
        public let emailAddress: String
        /// The phone number for the contact.
        public let phoneNumber: String?

        @inlinable
        public init(contactNotes: String? = nil, emailAddress: String, phoneNumber: String? = nil) {
            self.contactNotes = contactNotes
            self.emailAddress = emailAddress
            self.phoneNumber = phoneNumber
        }

        public func validate(name: String) throws {
            try self.validate(self.contactNotes, name: "contactNotes", parent: name, max: 1024)
            try self.validate(self.contactNotes, name: "contactNotes", parent: name, min: 1)
            try self.validate(self.contactNotes, name: "contactNotes", parent: name, pattern: "^[\\w\\s\\.\\-,:/()+@]*$")
            try self.validate(self.emailAddress, name: "emailAddress", parent: name, max: 150)
            try self.validate(self.emailAddress, name: "emailAddress", parent: name, min: 1)
            try self.validate(self.emailAddress, name: "emailAddress", parent: name, pattern: "^\\S+@\\S+\\.\\S+$")
            try self.validate(self.phoneNumber, name: "phoneNumber", parent: name, max: 16)
            try self.validate(self.phoneNumber, name: "phoneNumber", parent: name, min: 1)
            try self.validate(self.phoneNumber, name: "phoneNumber", parent: name, pattern: "^\\+[1-9]\\d{1,14}$")
        }

        private enum CodingKeys: String, CodingKey {
            case contactNotes = "ContactNotes"
            case emailAddress = "EmailAddress"
            case phoneNumber = "PhoneNumber"
        }
    }

    public struct EnableApplicationLayerAutomaticResponseRequest: AWSEncodableShape {
        /// Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
        public let action: ResponseAction
        /// The ARN (Amazon Resource Name) of the protected resource.
        public let resourceArn: String

        @inlinable
        public init(action: ResponseAction, resourceArn: String) {
            self.action = action
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws")
        }

        private enum CodingKeys: String, CodingKey {
            case action = "Action"
            case resourceArn = "ResourceArn"
        }
    }

    public struct EnableApplicationLayerAutomaticResponseResponse: AWSDecodableShape {
        public init() {}
    }

    public struct EnableProactiveEngagementRequest: AWSEncodableShape {
        public init() {}
    }

    public struct EnableProactiveEngagementResponse: AWSDecodableShape {
        public init() {}
    }

    public struct GetSubscriptionStateRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetSubscriptionStateResponse: AWSDecodableShape {
        /// The status of the subscription.
        public let subscriptionState: SubscriptionState

        @inlinable
        public init(subscriptionState: SubscriptionState) {
            self.subscriptionState = subscriptionState
        }

        private enum CodingKeys: String, CodingKey {
            case subscriptionState = "SubscriptionState"
        }
    }

    public struct InclusionProtectionFilters: AWSEncodableShape {
        /// The name of the protection that you want to retrieve.
        public let protectionNames: [String]?
        /// The ARN (Amazon Resource Name) of the resource whose protection you want to retrieve.
        public let resourceArns: [String]?
        /// The type of protected resource whose protections you want to retrieve.
        public let resourceTypes: [ProtectedResourceType]?

        @inlinable
        public init(protectionNames: [String]? = nil, resourceArns: [String]? = nil, resourceTypes: [ProtectedResourceType]? = nil) {
            self.protectionNames = protectionNames
            self.resourceArns = resourceArns
            self.resourceTypes = resourceTypes
        }

        public func validate(name: String) throws {
            try self.protectionNames?.forEach {
                try validate($0, name: "protectionNames[]", parent: name, max: 128)
                try validate($0, name: "protectionNames[]", parent: name, min: 1)
                try validate($0, name: "protectionNames[]", parent: name, pattern: "^[ a-zA-Z0-9_\\\\.\\\\-]*$")
            }
            try self.validate(self.protectionNames, name: "protectionNames", parent: name, max: 1)
            try self.validate(self.protectionNames, name: "protectionNames", parent: name, min: 1)
            try self.resourceArns?.forEach {
                try validate($0, name: "resourceArns[]", parent: name, max: 2048)
                try validate($0, name: "resourceArns[]", parent: name, min: 1)
                try validate($0, name: "resourceArns[]", parent: name, pattern: "^arn:aws")
            }
            try self.validate(self.resourceArns, name: "resourceArns", parent: name, max: 1)
            try self.validate(self.resourceArns, name: "resourceArns", parent: name, min: 1)
            try self.validate(self.resourceTypes, name: "resourceTypes", parent: name, max: 1)
            try self.validate(self.resourceTypes, name: "resourceTypes", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case protectionNames = "ProtectionNames"
            case resourceArns = "ResourceArns"
            case resourceTypes = "ResourceTypes"
        }
    }

    public struct InclusionProtectionGroupFilters: AWSEncodableShape {
        /// The aggregation setting of the protection groups that you want to retrieve.
        public let aggregations: [ProtectionGroupAggregation]?
        /// The pattern specification of the protection groups that you want to retrieve.
        public let patterns: [ProtectionGroupPattern]?
        /// The ID of the protection group that you want to retrieve.
        public let protectionGroupIds: [String]?
        /// The resource type configuration of the protection groups that you want to retrieve. In the protection group configuration, you specify the resource type when you set the group's Pattern to BY_RESOURCE_TYPE.
        public let resourceTypes: [ProtectedResourceType]?

        @inlinable
        public init(aggregations: [ProtectionGroupAggregation]? = nil, patterns: [ProtectionGroupPattern]? = nil, protectionGroupIds: [String]? = nil, resourceTypes: [ProtectedResourceType]? = nil) {
            self.aggregations = aggregations
            self.patterns = patterns
            self.protectionGroupIds = protectionGroupIds
            self.resourceTypes = resourceTypes
        }

        public func validate(name: String) throws {
            try self.validate(self.aggregations, name: "aggregations", parent: name, max: 1)
            try self.validate(self.aggregations, name: "aggregations", parent: name, min: 1)
            try self.validate(self.patterns, name: "patterns", parent: name, max: 1)
            try self.validate(self.patterns, name: "patterns", parent: name, min: 1)
            try self.protectionGroupIds?.forEach {
                try validate($0, name: "protectionGroupIds[]", parent: name, max: 36)
                try validate($0, name: "protectionGroupIds[]", parent: name, min: 1)
                try validate($0, name: "protectionGroupIds[]", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
            }
            try self.validate(self.protectionGroupIds, name: "protectionGroupIds", parent: name, max: 1)
            try self.validate(self.protectionGroupIds, name: "protectionGroupIds", parent: name, min: 1)
            try self.validate(self.resourceTypes, name: "resourceTypes", parent: name, max: 1)
            try self.validate(self.resourceTypes, name: "resourceTypes", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case aggregations = "Aggregations"
            case patterns = "Patterns"
            case protectionGroupIds = "ProtectionGroupIds"
            case resourceTypes = "ResourceTypes"
        }
    }

    public struct InvalidParameterException: AWSErrorShape {
        /// Fields that caused the exception.
        public let fields: [ValidationExceptionField]?
        public let message: String?
        /// Additional information about the exception.
        public let reason: ValidationExceptionReason?

        @inlinable
        public init(fields: [ValidationExceptionField]? = nil, message: String? = nil, reason: ValidationExceptionReason? = nil) {
            self.fields = fields
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case fields = "fields"
            case message = "message"
            case reason = "reason"
        }
    }

    public struct Limit: AWSDecodableShape {
        /// The maximum number of protections that can be created for the specified Type.
        public let max: Int64?
        /// The type of protection.
        public let type: String?

        @inlinable
        public init(max: Int64? = nil, type: String? = nil) {
            self.max = max
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case max = "Max"
            case type = "Type"
        }
    }

    public struct LimitsExceededException: AWSErrorShape {
        /// The threshold that would be exceeded.
        public let limit: Int64?
        public let message: String?
        /// The type of limit that would be exceeded.
        public let type: String?

        @inlinable
        public init(limit: Int64? = nil, message: String? = nil, type: String? = nil) {
            self.limit = limit
            self.message = message
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case limit = "Limit"
            case message = "message"
            case type = "Type"
        }
    }

    public struct ListAttacksRequest: AWSEncodableShape {
        /// The end of the time period for the attacks. This is a timestamp type. The request syntax listing for this call indicates a number type, but you can provide the time in any valid timestamp format setting.
        public let endTime: TimeRange?
        /// The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response. The default setting is 20.
        public let maxResults: Int?
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value. On your first call to a list operation, leave this setting empty.
        public let nextToken: String?
        /// The ARNs (Amazon Resource Names) of the resources that were attacked. If you leave this blank, all applicable resources for this account will be included.
        public let resourceArns: [String]?
        /// The start of the time period for the attacks. This is a timestamp type. The request syntax listing for this call indicates a number type, but you can provide the time in any valid timestamp format setting.
        public let startTime: TimeRange?

        @inlinable
        public init(endTime: TimeRange? = nil, maxResults: Int? = nil, nextToken: String? = nil, resourceArns: [String]? = nil, startTime: TimeRange? = nil) {
            self.endTime = endTime
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.resourceArns = resourceArns
            self.startTime = startTime
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 10000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 0)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^.*$")
            try self.resourceArns?.forEach {
                try validate($0, name: "resourceArns[]", parent: name, max: 2048)
                try validate($0, name: "resourceArns[]", parent: name, min: 1)
                try validate($0, name: "resourceArns[]", parent: name, pattern: "^arn:aws")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case endTime = "EndTime"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case resourceArns = "ResourceArns"
            case startTime = "StartTime"
        }
    }

    public struct ListAttacksResponse: AWSDecodableShape {
        /// The attack information for the specified time range.
        public let attackSummaries: [AttackSummary]?
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.
        public let nextToken: String?

        @inlinable
        public init(attackSummaries: [AttackSummary]? = nil, nextToken: String? = nil) {
            self.attackSummaries = attackSummaries
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case attackSummaries = "AttackSummaries"
            case nextToken = "NextToken"
        }
    }

    public struct ListProtectionGroupsRequest: AWSEncodableShape {
        /// Narrows the set of protection groups that the call retrieves. You can retrieve a single protection group by its name and you can retrieve all protection groups that are configured with specific pattern or aggregation settings. You can provide up to one criteria per filter type. Shield Advanced returns the protection groups that exactly match all of the search criteria that you provide.
        public let inclusionFilters: InclusionProtectionGroupFilters?
        /// The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response. The default setting is 20.
        public let maxResults: Int?
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value. On your first call to a list operation, leave this setting empty.
        public let nextToken: String?

        @inlinable
        public init(inclusionFilters: InclusionProtectionGroupFilters? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.inclusionFilters = inclusionFilters
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.inclusionFilters?.validate(name: "\(name).inclusionFilters")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 10000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 0)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^.*$")
        }

        private enum CodingKeys: String, CodingKey {
            case inclusionFilters = "InclusionFilters"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListProtectionGroupsResponse: AWSDecodableShape {
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.
        public let nextToken: String?
        public let protectionGroups: [ProtectionGroup]

        @inlinable
        public init(nextToken: String? = nil, protectionGroups: [ProtectionGroup]) {
            self.nextToken = nextToken
            self.protectionGroups = protectionGroups
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case protectionGroups = "ProtectionGroups"
        }
    }

    public struct ListProtectionsRequest: AWSEncodableShape {
        /// Narrows the set of protections that the call retrieves. You can retrieve a single protection by providing its name or the ARN (Amazon Resource Name) of its protected resource. You can also retrieve all protections for a specific resource type. You can provide up to one criteria per filter type. Shield Advanced returns protections that exactly match all of the filter criteria that you provide.
        public let inclusionFilters: InclusionProtectionFilters?
        /// The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response. The default setting is 20.
        public let maxResults: Int?
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value. On your first call to a list operation, leave this setting empty.
        public let nextToken: String?

        @inlinable
        public init(inclusionFilters: InclusionProtectionFilters? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.inclusionFilters = inclusionFilters
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.inclusionFilters?.validate(name: "\(name).inclusionFilters")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 10000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 0)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^.*$")
        }

        private enum CodingKeys: String, CodingKey {
            case inclusionFilters = "InclusionFilters"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListProtectionsResponse: AWSDecodableShape {
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.
        public let nextToken: String?
        /// The array of enabled Protection objects.
        public let protections: [Protection]?

        @inlinable
        public init(nextToken: String? = nil, protections: [Protection]? = nil) {
            self.nextToken = nextToken
            self.protections = protections
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case protections = "Protections"
        }
    }

    public struct ListResourcesInProtectionGroupRequest: AWSEncodableShape {
        /// The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response. The default setting is 20.
        public let maxResults: Int?
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value. On your first call to a list operation, leave this setting empty.
        public let nextToken: String?
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, protectionGroupId: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.protectionGroupId = protectionGroupId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 10000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 0)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^.*$")
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, max: 36)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, min: 1)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case protectionGroupId = "ProtectionGroupId"
        }
    }

    public struct ListResourcesInProtectionGroupResponse: AWSDecodableShape {
        /// When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.  You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available. Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.
        public let nextToken: String?
        /// The Amazon Resource Names (ARNs) of the resources that are included in the protection group.
        public let resourceArns: [String]

        @inlinable
        public init(nextToken: String? = nil, resourceArns: [String]) {
            self.nextToken = nextToken
            self.resourceArns = resourceArns
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case resourceArns = "ResourceArns"
        }
    }

    public struct ListTagsForResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource to get tags for.
        public let resourceARN: String

        @inlinable
        public init(resourceARN: String) {
            self.resourceARN = resourceARN
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, max: 2048)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, min: 1)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, pattern: "^arn:aws")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceARN = "ResourceARN"
        }
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// A list of tag key and value pairs associated with the specified resource.
        public let tags: [Tag]?

        @inlinable
        public init(tags: [Tag]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "Tags"
        }
    }

    public struct Mitigation: AWSDecodableShape {
        /// The name of the mitigation taken for this attack.
        public let mitigationName: String?

        @inlinable
        public init(mitigationName: String? = nil) {
            self.mitigationName = mitigationName
        }

        private enum CodingKeys: String, CodingKey {
            case mitigationName = "MitigationName"
        }
    }

    public struct Protection: AWSDecodableShape {
        /// The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.
        public let applicationLayerAutomaticResponseConfiguration: ApplicationLayerAutomaticResponseConfiguration?
        /// The unique identifier (ID) for the Route 53 health check that's associated with the protection.
        public let healthCheckIds: [String]?
        /// The unique identifier (ID) of the protection.
        public let id: String?
        /// The name of the protection. For example, My CloudFront distributions.
        public let name: String?
        /// The ARN (Amazon Resource Name) of the protection.
        public let protectionArn: String?
        /// The ARN (Amazon Resource Name) of the Amazon Web Services resource that is protected.
        public let resourceArn: String?

        @inlinable
        public init(applicationLayerAutomaticResponseConfiguration: ApplicationLayerAutomaticResponseConfiguration? = nil, healthCheckIds: [String]? = nil, id: String? = nil, name: String? = nil, protectionArn: String? = nil, resourceArn: String? = nil) {
            self.applicationLayerAutomaticResponseConfiguration = applicationLayerAutomaticResponseConfiguration
            self.healthCheckIds = healthCheckIds
            self.id = id
            self.name = name
            self.protectionArn = protectionArn
            self.resourceArn = resourceArn
        }

        private enum CodingKeys: String, CodingKey {
            case applicationLayerAutomaticResponseConfiguration = "ApplicationLayerAutomaticResponseConfiguration"
            case healthCheckIds = "HealthCheckIds"
            case id = "Id"
            case name = "Name"
            case protectionArn = "ProtectionArn"
            case resourceArn = "ResourceArn"
        }
    }

    public struct ProtectionGroup: AWSDecodableShape {
        /// Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.   Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.   Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.   Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront distributions and origin resources for CloudFront distributions.
        public let aggregation: ProtectionGroupAggregation
        /// The ARNs (Amazon Resource Names) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.
        public let members: [String]
        /// The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource ARNs (Amazon Resource Names), or include all resources of a specified resource type.
        public let pattern: ProtectionGroupPattern
        /// The ARN (Amazon Resource Name) of the protection group.
        public let protectionGroupArn: String?
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String
        /// The resource type to include in the protection group. All protected resources of this type are included in the protection group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.
        public let resourceType: ProtectedResourceType?

        @inlinable
        public init(aggregation: ProtectionGroupAggregation, members: [String], pattern: ProtectionGroupPattern, protectionGroupArn: String? = nil, protectionGroupId: String, resourceType: ProtectedResourceType? = nil) {
            self.aggregation = aggregation
            self.members = members
            self.pattern = pattern
            self.protectionGroupArn = protectionGroupArn
            self.protectionGroupId = protectionGroupId
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case aggregation = "Aggregation"
            case members = "Members"
            case pattern = "Pattern"
            case protectionGroupArn = "ProtectionGroupArn"
            case protectionGroupId = "ProtectionGroupId"
            case resourceType = "ResourceType"
        }
    }

    public struct ProtectionGroupArbitraryPatternLimits: AWSDecodableShape {
        /// The maximum number of resources you can specify for a single arbitrary pattern in a protection group.
        public let maxMembers: Int64

        @inlinable
        public init(maxMembers: Int64) {
            self.maxMembers = maxMembers
        }

        private enum CodingKeys: String, CodingKey {
            case maxMembers = "MaxMembers"
        }
    }

    public struct ProtectionGroupLimits: AWSDecodableShape {
        /// The maximum number of protection groups that you can have at one time.
        public let maxProtectionGroups: Int64
        /// Limits settings by pattern type in the protection groups for your subscription.
        public let patternTypeLimits: ProtectionGroupPatternTypeLimits

        @inlinable
        public init(maxProtectionGroups: Int64, patternTypeLimits: ProtectionGroupPatternTypeLimits) {
            self.maxProtectionGroups = maxProtectionGroups
            self.patternTypeLimits = patternTypeLimits
        }

        private enum CodingKeys: String, CodingKey {
            case maxProtectionGroups = "MaxProtectionGroups"
            case patternTypeLimits = "PatternTypeLimits"
        }
    }

    public struct ProtectionGroupPatternTypeLimits: AWSDecodableShape {
        /// Limits settings on protection groups with arbitrary pattern type.
        public let arbitraryPatternLimits: ProtectionGroupArbitraryPatternLimits

        @inlinable
        public init(arbitraryPatternLimits: ProtectionGroupArbitraryPatternLimits) {
            self.arbitraryPatternLimits = arbitraryPatternLimits
        }

        private enum CodingKeys: String, CodingKey {
            case arbitraryPatternLimits = "ArbitraryPatternLimits"
        }
    }

    public struct ProtectionLimits: AWSDecodableShape {
        /// The maximum number of resource types that you can specify in a protection.
        public let protectedResourceTypeLimits: [Limit]

        @inlinable
        public init(protectedResourceTypeLimits: [Limit]) {
            self.protectedResourceTypeLimits = protectedResourceTypeLimits
        }

        private enum CodingKeys: String, CodingKey {
            case protectedResourceTypeLimits = "ProtectedResourceTypeLimits"
        }
    }

    public struct ResourceAlreadyExistsException: AWSErrorShape {
        public let message: String?
        /// The type of resource that already exists.
        public let resourceType: String?

        @inlinable
        public init(message: String? = nil, resourceType: String? = nil) {
            self.message = message
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceType = "resourceType"
        }
    }

    public struct ResourceNotFoundException: AWSErrorShape {
        public let message: String?
        /// Type of resource.
        public let resourceType: String?

        @inlinable
        public init(message: String? = nil, resourceType: String? = nil) {
            self.message = message
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceType = "resourceType"
        }
    }

    public struct ResponseAction: AWSEncodableShape & AWSDecodableShape {
        /// Specifies that Shield Advanced should configure its WAF rules with the WAF Block action.  You must specify exactly one action, either Block or Count.
        public let block: BlockAction?
        /// Specifies that Shield Advanced should configure its WAF rules with the WAF Count action.  You must specify exactly one action, either Block or Count.
        public let count: CountAction?

        @inlinable
        public init(block: BlockAction? = nil, count: CountAction? = nil) {
            self.block = block
            self.count = count
        }

        private enum CodingKeys: String, CodingKey {
            case block = "Block"
            case count = "Count"
        }
    }

    public struct SubResourceSummary: AWSDecodableShape {
        /// The list of attack types and associated counters.
        public let attackVectors: [SummarizedAttackVector]?
        /// The counters that describe the details of the attack.
        public let counters: [SummarizedCounter]?
        /// The unique identifier (ID) of the SubResource.
        public let id: String?
        /// The SubResource type.
        public let type: SubResourceType?

        @inlinable
        public init(attackVectors: [SummarizedAttackVector]? = nil, counters: [SummarizedCounter]? = nil, id: String? = nil, type: SubResourceType? = nil) {
            self.attackVectors = attackVectors
            self.counters = counters
            self.id = id
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case attackVectors = "AttackVectors"
            case counters = "Counters"
            case id = "Id"
            case type = "Type"
        }
    }

    public struct Subscription: AWSDecodableShape {
        /// If ENABLED, the subscription will be automatically renewed at the end of the existing subscription period. When you initally create a subscription, AutoRenew is set to ENABLED. You can change this by submitting an UpdateSubscription request. If the UpdateSubscription request does not included a value for AutoRenew, the existing value for AutoRenew remains unchanged.
        public let autoRenew: AutoRenew?
        /// The date and time your subscription will end.
        public let endTime: Date?
        /// Specifies how many protections of a given type you can create.
        public let limits: [Limit]?
        /// If ENABLED, the Shield Response Team (SRT) will use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support. If PENDING, you have requested proactive engagement and the request is pending. The status changes to ENABLED when your request is fully processed. If DISABLED, the SRT will not proactively notify contacts about escalations or to initiate proactive customer support.
        public let proactiveEngagementStatus: ProactiveEngagementStatus?
        /// The start time of the subscription, in Unix time in seconds.
        public let startTime: Date?
        /// The ARN (Amazon Resource Name) of the subscription.
        public let subscriptionArn: String?
        /// Limits settings for your subscription.
        public let subscriptionLimits: SubscriptionLimits
        /// The length, in seconds, of the Shield Advanced subscription for the account.
        public let timeCommitmentInSeconds: Int64?

        @inlinable
        public init(autoRenew: AutoRenew? = nil, endTime: Date? = nil, limits: [Limit]? = nil, proactiveEngagementStatus: ProactiveEngagementStatus? = nil, startTime: Date? = nil, subscriptionArn: String? = nil, subscriptionLimits: SubscriptionLimits, timeCommitmentInSeconds: Int64? = nil) {
            self.autoRenew = autoRenew
            self.endTime = endTime
            self.limits = limits
            self.proactiveEngagementStatus = proactiveEngagementStatus
            self.startTime = startTime
            self.subscriptionArn = subscriptionArn
            self.subscriptionLimits = subscriptionLimits
            self.timeCommitmentInSeconds = timeCommitmentInSeconds
        }

        private enum CodingKeys: String, CodingKey {
            case autoRenew = "AutoRenew"
            case endTime = "EndTime"
            case limits = "Limits"
            case proactiveEngagementStatus = "ProactiveEngagementStatus"
            case startTime = "StartTime"
            case subscriptionArn = "SubscriptionArn"
            case subscriptionLimits = "SubscriptionLimits"
            case timeCommitmentInSeconds = "TimeCommitmentInSeconds"
        }
    }

    public struct SubscriptionLimits: AWSDecodableShape {
        /// Limits settings on protection groups for your subscription.
        public let protectionGroupLimits: ProtectionGroupLimits
        /// Limits settings on protections for your subscription.
        public let protectionLimits: ProtectionLimits

        @inlinable
        public init(protectionGroupLimits: ProtectionGroupLimits, protectionLimits: ProtectionLimits) {
            self.protectionGroupLimits = protectionGroupLimits
            self.protectionLimits = protectionLimits
        }

        private enum CodingKeys: String, CodingKey {
            case protectionGroupLimits = "ProtectionGroupLimits"
            case protectionLimits = "ProtectionLimits"
        }
    }

    public struct SummarizedAttackVector: AWSDecodableShape {
        /// The list of counters that describe the details of the attack.
        public let vectorCounters: [SummarizedCounter]?
        /// The attack type, for example, SNMP reflection or SYN flood.
        public let vectorType: String

        @inlinable
        public init(vectorCounters: [SummarizedCounter]? = nil, vectorType: String) {
            self.vectorCounters = vectorCounters
            self.vectorType = vectorType
        }

        private enum CodingKeys: String, CodingKey {
            case vectorCounters = "VectorCounters"
            case vectorType = "VectorType"
        }
    }

    public struct SummarizedCounter: AWSDecodableShape {
        /// The average value of the counter for a specified time period.
        public let average: Double?
        /// The maximum value of the counter for a specified time period.
        public let max: Double?
        /// The number of counters for a specified time period.
        public let n: Int?
        /// The counter name.
        public let name: String?
        /// The total of counter values for a specified time period.
        public let sum: Double?
        /// The unit of the counters.
        public let unit: String?

        @inlinable
        public init(average: Double? = nil, max: Double? = nil, n: Int? = nil, name: String? = nil, sum: Double? = nil, unit: String? = nil) {
            self.average = average
            self.max = max
            self.n = n
            self.name = name
            self.sum = sum
            self.unit = unit
        }

        private enum CodingKeys: String, CodingKey {
            case average = "Average"
            case max = "Max"
            case n = "N"
            case name = "Name"
            case sum = "Sum"
            case unit = "Unit"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
        public let key: String?
        /// Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
        public let value: String?

        @inlinable
        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.value, name: "value", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource that you want to add or update tags for.
        public let resourceARN: String
        /// The tags that you want to modify or add to the resource.
        public let tags: [Tag]

        @inlinable
        public init(resourceARN: String, tags: [Tag]) {
            self.resourceARN = resourceARN
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, max: 2048)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, min: 1)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, pattern: "^arn:aws")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceARN = "ResourceARN"
            case tags = "Tags"
        }
    }

    public struct TagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct TimeRange: AWSEncodableShape & AWSDecodableShape {
        /// The start time, in Unix time in seconds.
        public let fromInclusive: Date?
        /// The end time, in Unix time in seconds.
        public let toExclusive: Date?

        @inlinable
        public init(fromInclusive: Date? = nil, toExclusive: Date? = nil) {
            self.fromInclusive = fromInclusive
            self.toExclusive = toExclusive
        }

        private enum CodingKeys: String, CodingKey {
            case fromInclusive = "FromInclusive"
            case toExclusive = "ToExclusive"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource that you want to remove tags from.
        public let resourceARN: String
        /// The tag key for each tag that you want to remove from the resource.
        public let tagKeys: [String]

        @inlinable
        public init(resourceARN: String, tagKeys: [String]) {
            self.resourceARN = resourceARN
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, max: 2048)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, min: 1)
            try self.validate(self.resourceARN, name: "resourceARN", parent: name, pattern: "^arn:aws")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceARN = "ResourceARN"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateApplicationLayerAutomaticResponseRequest: AWSEncodableShape {
        /// Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
        public let action: ResponseAction
        /// The ARN (Amazon Resource Name) of the resource.
        public let resourceArn: String

        @inlinable
        public init(action: ResponseAction, resourceArn: String) {
            self.action = action
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws")
        }

        private enum CodingKeys: String, CodingKey {
            case action = "Action"
            case resourceArn = "ResourceArn"
        }
    }

    public struct UpdateApplicationLayerAutomaticResponseResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateEmergencyContactSettingsRequest: AWSEncodableShape {
        /// A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support. If you have proactive engagement enabled, the contact list must include at least one phone number.
        public let emergencyContactList: [EmergencyContact]?

        @inlinable
        public init(emergencyContactList: [EmergencyContact]? = nil) {
            self.emergencyContactList = emergencyContactList
        }

        public func validate(name: String) throws {
            try self.emergencyContactList?.forEach {
                try $0.validate(name: "\(name).emergencyContactList[]")
            }
            try self.validate(self.emergencyContactList, name: "emergencyContactList", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case emergencyContactList = "EmergencyContactList"
        }
    }

    public struct UpdateEmergencyContactSettingsResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateProtectionGroupRequest: AWSEncodableShape {
        /// Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.   Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.   Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.   Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront distributions and origin resources for CloudFront distributions.
        public let aggregation: ProtectionGroupAggregation
        /// The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.
        public let members: [String]?
        /// The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type.
        public let pattern: ProtectionGroupPattern
        /// The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
        public let protectionGroupId: String
        /// The resource type to include in the protection group. All protected resources of this type are included in the protection group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.
        public let resourceType: ProtectedResourceType?

        @inlinable
        public init(aggregation: ProtectionGroupAggregation, members: [String]? = nil, pattern: ProtectionGroupPattern, protectionGroupId: String, resourceType: ProtectedResourceType? = nil) {
            self.aggregation = aggregation
            self.members = members
            self.pattern = pattern
            self.protectionGroupId = protectionGroupId
            self.resourceType = resourceType
        }

        public func validate(name: String) throws {
            try self.members?.forEach {
                try validate($0, name: "members[]", parent: name, max: 2048)
                try validate($0, name: "members[]", parent: name, min: 1)
                try validate($0, name: "members[]", parent: name, pattern: "^arn:aws")
            }
            try self.validate(self.members, name: "members", parent: name, max: 10000)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, max: 36)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, min: 1)
            try self.validate(self.protectionGroupId, name: "protectionGroupId", parent: name, pattern: "^[a-zA-Z0-9\\\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case aggregation = "Aggregation"
            case members = "Members"
            case pattern = "Pattern"
            case protectionGroupId = "ProtectionGroupId"
            case resourceType = "ResourceType"
        }
    }

    public struct UpdateProtectionGroupResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateSubscriptionRequest: AWSEncodableShape {
        /// When you initally create a subscription, AutoRenew is set to ENABLED. If ENABLED, the subscription will be automatically renewed at the end of the existing subscription period. You can change this by submitting an UpdateSubscription request. If the UpdateSubscription request does not included a value for AutoRenew, the existing value for AutoRenew remains unchanged.
        public let autoRenew: AutoRenew?

        @inlinable
        public init(autoRenew: AutoRenew? = nil) {
            self.autoRenew = autoRenew
        }

        private enum CodingKeys: String, CodingKey {
            case autoRenew = "AutoRenew"
        }
    }

    public struct UpdateSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct ValidationExceptionField: AWSDecodableShape {
        /// The message describing why the parameter failed validation.
        public let message: String
        /// The name of the parameter that failed validation.
        public let name: String

        @inlinable
        public init(message: String, name: String) {
            self.message = message
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case name = "name"
        }
    }
}

// MARK: - Errors

/// Error enum for Shield
public struct ShieldErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case accessDeniedForDependencyException = "AccessDeniedForDependencyException"
        case internalErrorException = "InternalErrorException"
        case invalidOperationException = "InvalidOperationException"
        case invalidPaginationTokenException = "InvalidPaginationTokenException"
        case invalidParameterException = "InvalidParameterException"
        case invalidResourceException = "InvalidResourceException"
        case limitsExceededException = "LimitsExceededException"
        case lockedSubscriptionException = "LockedSubscriptionException"
        case noAssociatedRoleException = "NoAssociatedRoleException"
        case optimisticLockException = "OptimisticLockException"
        case resourceAlreadyExistsException = "ResourceAlreadyExistsException"
        case resourceNotFoundException = "ResourceNotFoundException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize Shield
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// Exception that indicates the specified AttackId does not exist, or the requester does not have the appropriate permissions to access the AttackId.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.
    public static var accessDeniedForDependencyException: Self { .init(.accessDeniedForDependencyException) }
    /// Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.
    public static var internalErrorException: Self { .init(.internalErrorException) }
    /// Exception that indicates that the operation would not cause any change to occur.
    public static var invalidOperationException: Self { .init(.invalidOperationException) }
    /// Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the prior response.
    public static var invalidPaginationTokenException: Self { .init(.invalidPaginationTokenException) }
    /// Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.
    public static var invalidParameterException: Self { .init(.invalidParameterException) }
    /// Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.
    public static var invalidResourceException: Self { .init(.invalidResourceException) }
    /// Exception that indicates that the operation would exceed a limit.
    public static var limitsExceededException: Self { .init(.limitsExceededException) }
    /// You are trying to update a subscription that has not yet completed the 1-year commitment. You can change the AutoRenew parameter during the last 30 days of your subscription. This exception indicates that you are attempting to change AutoRenew prior to that period.
    public static var lockedSubscriptionException: Self { .init(.lockedSubscriptionException) }
    /// The ARN of the role that you specified does not exist.
    public static var noAssociatedRoleException: Self { .init(.noAssociatedRoleException) }
    /// Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.
    public static var optimisticLockException: Self { .init(.optimisticLockException) }
    /// Exception indicating the specified resource already exists. If available, this exception includes details in additional properties.
    public static var resourceAlreadyExistsException: Self { .init(.resourceAlreadyExistsException) }
    /// Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
}

extension ShieldErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "InvalidParameterException": Shield.InvalidParameterException.self,
        "LimitsExceededException": Shield.LimitsExceededException.self,
        "ResourceAlreadyExistsException": Shield.ResourceAlreadyExistsException.self,
        "ResourceNotFoundException": Shield.ResourceNotFoundException.self
    ]
}

extension ShieldErrorType: Equatable {
    public static func == (lhs: ShieldErrorType, rhs: ShieldErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension ShieldErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
